BUS 100

Topic 9

Information Technology (IT)

Controls

Slides 1 of 3

Make today matter

Rudrik du Bruyn
BCom(Hons) (UP), MCom (UP), MSc (Texas – Dallas), CIA (IIA)

 Senior Lecturer
 Head: UP Centre for Internal Auditing Excellence
 Graduated with two Masters degrees (UP & UTD)
 Visiting adjunct faculty at Louisiana State University (LSU) in
the USA
 Past chairman of the Global Institute of Internal Auditors’ ARC
 Apart from teaching in the USA, also taught at Nanjing Audit
University in China
 Published 4 textbooks and various articles
 Presented at numerous conferences in South Africa, Kenya,
Mexico and the United States.
 Volunteer auditor for Habitat for Humanity in Uganda.

2
Topic 9 – Background to internal controls with a focus
on Information System and Communications; and
an introduction to a computerised environment

Week: 20 – 24 May 2024

This session’s objective is to:
1. explain how information systems and communication
technology fits into the background on internal control
already covered in specific outcome (Background to
internal control); and
2. introduce computerised environments.

3
Sources:
• Auditing Fundamentals 2nd Edition – Chapter 5
• Graded Questions 3rd Edition: Chapter 5

4
Background
• Information systems and communication forms part of one
of the 5 components of internal control.
• Information systems forms a crucial part of an entity’s
business processes and is used in the recording and
processing of transactions and the subsequent reporting of
information.
• Automated/computerised accounting systems are mostly
used to initiate, record, process and report on transactions.

5
Introduction to a computerised
environment
(AF, Chapter 5: pages 139 – 152)

• Slides 5 to 11 follow the sequence and headings as in

Chapter 5 of Auditing Fundamentals

6
5.1 Introduction

 Information and Communication Technology (ICT)

 Data vs Information
 Communication = flow of data and information through networks
 Difference between hardware and software (incl systems and application
software)
 Transaction vs Master files
 Processing (real-time vs batch processing)
 Data structures = Character Field  Record  File Database

Slide 7
5.2 IT Evolvement

 Key: Connection and integration

 Distributed networks and computing

 Mobility
 Open source
 Image processing
 Convergence of functionality
 Cloud computing
 Artificial intelligence and machine learning
 Blockchain (digital ledgers)
 Big Data and Data Analytics
 Robotics

Slide 8
5.3 IT Governance

 Key: Directing and controlling IT strategically

 IT impacts both strategy and operational aspects

 Should be part of all levels of the organization
 Impacts risks and control activities

5.4 Impact of IT
 New risks

 Access
 Less segregation of duties
 Lack of physical processes and documents
 Automatic transactions
 Consistency in errors
 UPSIDE: Removes ad hoc human error, speed and opportunities for better monitoring

Slide 9
5.5 Components

 Hardware
 Software
 People
 Procedures
 Data

Slide 10
Slide 11
5.6 cont. : Processing

 Batch entry and processing

 On-line entry, batch processing
 On-line entry, real-time processing
 Shadow processing

Slide 12
5.7 Classification of IT Controls

 General controls
 Controls over the complete computer information systems environment.
 These are over-arching controls
 Should be implemented for all computer environments, irrespective of their size
and complexity
 In place irrespective of whether any transactions processed or not

 Processing controls (also known as application controls)

 Specific controls for a business process or application software associated with a
business process.
 Tailor-made to transactional process to address risks related to the process and
can include both manual and computerized controls

Slide 13